diff --git a/hosts/common/optional/avahi.nix b/hosts/common/optional/avahi.nix
new file mode 100644
index 0000000..9c15000
--- /dev/null
+++ b/hosts/common/optional/avahi.nix
@@ -0,0 +1,33 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ services.avahi = {
+ enable = true;
+ nssmdns = true;
+ openFirewall = true;
+ publish = {
+ enable = true;
+ addresses = true;
+ domain = true;
+ hinfo = true;
+ userServices = true;
+ workstation = true;
+ };
+ extraServiceFiles = {
+ smb = ''
+
+
+
+ %h
+
+ _smb._tcp
+ 445
+
+
+ '';
+ };
+ };
+}
\ No newline at end of file
diff --git a/hosts/common/optional/samba.nix b/hosts/common/optional/samba.nix
new file mode 100644
index 0000000..b6d0c05
--- /dev/null
+++ b/hosts/common/optional/samba.nix
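Review bot: `publish.hinfo = true` and `publish.workstation = true` in avahi.nix advertise the host's OS/CPU record and a workstation service to everything on the local segment, and neither is needed for the `_smb._tcp` advertisement this module exists for. Since `openFirewall = true` opens mDNS on every interface, I would set `hinfo = false;` and `workstation = false;` and pin the daemon to the LAN side with `allowInterfaces = [ "<lan-interface>" ];` (placeholder, the interface name is not on this page). The XML body of `extraServiceFiles.smb` is not visible in this view apart from `%h`, `_smb._tcp` and `445`, so it is not reviewed here.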
@@ -0,0 +1,117 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ services.samba-wsdd.enable = true;
+ services.samba-wsdd.workgroup = "WORKGROUP";
+ networking.firewall.allowedTCPPorts = [
+ 5357 # wsdd
+ ];
+ networking.firewall.allowedUDPPorts = [
+ 3702 # wsdd
+ ];
+ services.samba = {
+ enable = true;
+ securityType = "user";
+ enableNmbd = true; # namespace and browsing suport
+ enableWinbindd = true; # integrations linux user auth
+ openFirewall = true;
+ extraConfig = ''
+ # server string = nas
+ # netbios name = nas
+ workgroup = WORKGROUP
+ browseable = yes
+ smb encrypt = auto
+ load printers = no
+ printcap name = /dev/null
+ guest account = nobody
+ map to guest = bad user
+ hosts allow = 10.0.7. 10.0.2. 10.2.0. 127.0.0.1 localhost
+ hosts deny = 0.0.0.0/0
+ vfs objects = catia fruit streams_xattr
+ fruit:nfs_aces = no
+ fruit:zero_file_id = yes
+ fruit:metadata = stream
+ fruit:encoding = native
+ spotlight backend = tracker
+ fruit:model = MacPro7,1@ECOLOR=226,226,224
+ fruit:wipe_intentionally_left_blank_rfork = yes
+ fruit:delete_empty_adfiles = yes
+ '';
+
+ # Don't forget to run `smbpasswd -a ` to set the passwords (the user must already exit)
+ shares = {
+ timemachine = {
+ path = "/mnt/tank/backups/timemachine";
+ browseable = "yes";
+ # "valid users" = "root";
+ public = "no";
+ writeable = "yes";
+ "force user" = "root";
+ "force group" = "root";
+ "fruit:aapl" = "yes";
+ "fruit:time machine" = "yes";
+ "vfs objects" = "catia fruit streams_xattr";
+ };
+ Tesla = {
+ path = "/mnt/tank/media/Videos/Tesla";
+ browseable = "yes";
+ "force user" = "nas";
+ "force group" = "nas";
+ "guest ok" = "no";
+ public = "no";
+ "read only" = "no";
+ writeable = "yes";
+ "create mask" = "0666";
+ "directory mask" = "0777";
+ "veto files" = "/._*/.DS_Store/";
+ "delete veto files" = "yes";
+ "spotlight" = "yes";
+ };
+ media = {
+ path = "/mnt/tank/media";
+ browseable = "yes";
+ "force user" = "nas";
+ # "force group" = "nas";
+ "guest ok" = "no";
+ public =
"no"; + "read only" = "no"; + writeable = "yes"; + "create mask" = "0666"; + "directory mask" = "0777"; + "veto files" = "/._*/.DS_Store/"; + "delete veto files" = "yes"; + "spotlight" = "yes"; + }; + Photographs = { + path = "/mnt/tank/media/Photographs"; + browseable = "yes"; + "force user" = "nas"; + "force group" = "nas"; + "guest ok" = "no"; + public = "no"; + "read only" = "no"; + writeable = "yes"; + "create mask" = "0666"; + "directory mask" = "0777"; + "veto files" = "/._*/.DS_Store/"; + "delete veto files" = "yes"; + "spotlight" = "yes"; + }; + backups = { + path = "/mnt/tank/backups"; + browseable = "yes"; + "force user" = "root"; + "force group" = "root"; + "guest ok" = "no"; + public = "no"; + "read only" = "no"; + writeable = "yes"; + "veto files" = "/._*/.DS_Store/"; + "delete veto files" = "yes"; + }; + }; + }; +} diff --git a/hosts/nas/default.nix b/hosts/nas/default.nix index ff5118d..fa5e5a6 100644 --- a/hosts/nas/default.nix +++ b/hosts/nas/default.nix @@ -10,9 +10,11 @@ ../common/nixos ../common/nixos/auto-upgrade.nix ../common/nixos/users/nix + ../common/optional/avahi.nix ../common/optional/fish.nix ../common/optional/nfs.nix ../common/optional/reboot-required.nix + ../common/optional/samba.nix ../common/optional/virtulization.nix ../common/optional/vscode-server.nix ../common/optional/zfs.nix @@ -24,6 +26,25 @@ networkmanager.enable = true; # Easiest to use and most distros use this by default. }; + users.groups = { + nas.gid = 1001; + }; + users.users = { + nas = { + group = "nas"; + uid = 1001; + isSystemUser = true; + # isNormalUser = true; + }; + }; + services.smartd.enable = true; + environment.systemPackages = with pkgs; [ + ipmitool + lshw + rclone + smartmontools + ]; + # may fix issues with network service failing during a nixos-rebuild systemd.services.NetworkManager-wait-online.enable = lib.mkForce false; systemd.services.systemd-networkd-wait-online.enable = lib.mkForce false;
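Review bot: The `timemachine` and `backups` shares in samba.nix set `"force user" = "root"` and `"force group" = "root"` while `"valid users"` is commented out or absent, so every account that can authenticate to Samba reads and writes the whole of /mnt/tank/backups with root's filesystem rights. I would run both shares as a dedicated unprivileged account and restrict who may connect, e.g. `"valid users" = "<backup-account>";` with `"force user" = "<backup-account>";` (placeholder name). The same hunk gives Tesla, media and Photographs `"create mask" = "0666"` and `"directory mask" = "0777"`, which leaves everything written there world-writable for local users and the NFS export imported alongside; `0660`/`0770` would match the `nas` force user/group. With no share allowing guests, `map to guest = bad user` serves no purpose and could be `never`.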
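Review bot: The `nas` group and user in the second hunk of hosts/nas/default.nix are pinned to id 1001 with no comment explaining the value, and the user is declared `isSystemUser` although 1001 sits in the range usually handed to regular accounts. If the number is fixed to match existing file ownership under /mnt/tank or an NFS peer (not visible in this hunk), a comment such as `# uid/gid pinned to match on-disk ownership of the media datasets` above `users.groups` would keep a later cleanup from renumbering it. Because the Samba shares force all writes to this account, the id is effectively part of the storage layout and deserves that note.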